Health Information Security

HIPAA Security Rule: Still on Track for Finalization

November 3, 2025 By Jennifer Everett, Kate Hanniford, Angela Burnette and Jennifer Pike

Since the HHS Office for Civil Rights’ (OCR) publication of a proposed rule to overhaul the HIPAA Security Rule in January 2025, many in the health care and privacy community have wondered whether the rule would quietly fade away. Some even hoped it might be “dead in the water.” However, despite sharp criticisms and industry […]

Unlocking the MIND Act: The Senate To Take on the Challenge of Neurotechnology

September 25, 2025 By Sara Pullen

On September 24, 2025, Ranking Member Cantwell (D-Wash.), Leader Schumer (D-NY), and Senator Markey (D-Mass.) announced they will introduce the “Management of Individuals’ Neural Data Act of 2025” (“MIND Act”). If enacted, the MIND Act will direct the Federal Trade Commission (“FTC”) to conduct a comprehensive study and report on the collection, processing, storage, sale, […]

Washington AG’s Office Updates FAQs for My Health My Data Act

January 24, 2024 By Dorian Simmons and Hyun Jai Oh

The Office of the Attorney General of Washington (the “AG”) has updated the Frequently Asked Questions (the “FAQs”) for the Washington My Health My Data Act (the “Act” or “Washington Act”) to provide guidance on the AG’s position concerning whether businesses must publish standalone consumer health data privacy policies under the Act. The update, first […]

California Mandates COVID Exposure and Outbreak Reporting to Employees, Government Agencies

September 23, 2020 By Daniel Felz and Privacy, Cyber & Data Strategy Team

On Thursday, September 17, 2020, California Governor Gavin Newsom signed Assembly Bill 685 (“AB685”) into law. AB685 amends a number of portions of California’s Labor Code to address the COVID-19 pandemic. In addition to provisions that regulate reopening activities at California worksites, AB685 introduces two new COVID-related notification obligations for California employers: (1) a requirement […]

White Paper on Privacy Issues in Proposed New National Medical Claims Database

September 30, 2019 By Peter Swire

Prof. Peter Swire, Elizabeth and Thomas Holder Chair at the Georgia Tech Scheller College of Business and Senior Counsel at Alston & Bird, has published a new white paper on “Possible Privacy, Cybersecurity, and Data Breach issues in the Proposed National Medical Claims Database Under Section 303 of S. 1895.” Senators Lamar Alexander (R-TN) and Patty Murray […]